Ke Gu,Na Wu,Bo Yin,Weijia Jia

DOI: https://doi.org/10.1109/tnsm.2019.2941869

2019-01-01

IEEE Transactions on Network and Service Management

Abstract:Fog computing is mainly used to process a large amount of data produced by terminal devices. As fog nodes are the closest acquirers to the terminal devices, the processed data may be tampered with or illegally captured by some malicious nodes while the data is transferred or aggregated. When some applications need to require real-time process with high security, cloud service may sample some data from fog service to check final results. In this paper, we propose a secure data query framework for cloud and fog computing. We use cloud service to check queried data from fog network when fog network provides queried data to users. In the framework, cloud server pre-designates some data aggregation topology trees to fog network, and then fog network may acquire related data from fog nodes according to one of the pre-designated data aggregation trees. Additionally, some fog nodes are assigned as sampled nodes that can feed back related data to cloud server. Based on the security requirements of fog computing, we analyze the security of our proposed framework. Our framework not only guarantees the reliability of required data but also effectively protects data against man-in-the-middle attack, single node attack and collusion attack of malicious users. Also, the experiments show our framework is effective and efficient.

Hongcheng Xie,Yu Guo,Xiaohua Jia

DOI: https://doi.org/10.1109/jiot.2021.3135303

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Fog computing has emerged as a promising framework with the rapid growth of the Internet of Things (IoT). In fog computing, the new entity, named fog device, can help the cloud process the large amount of data generated by IoT devices. Along with this trend, a location-based query scheme that collects IoT devices’ data from specific areas is an important application, especially in fog-enhanced sensor networks. However, in this application, the cloud and fog devices require the user’s query, sensors’ locations, and sensor data so that it raises critical privacy and security concerns. In this article, we devise a privacy-preserving-location-based data query scheme in fog-enhanced sensor networks, which allows the cloud and fog devices to collect sensor data from a query area without learning the three kinds of information. Specifically, we resort to a cryptographic primitive, named somewhat homomorphic encryption (SHE), with ciphertext packing to encrypt query, locations, and sensor data and efficiently calculate the distances between the user’s query and sensors. Then, we show how to build a hardware-assisted data query scheme to extract the matched data based on the distances. We formally analyze the security strengths and implement the system prototype. In order to implement secure processing within software guard extension (SGX), we make an effort to adapt the existing mathematical libraries to the advanced SGX trusted environment. Evaluation results demonstrate that our proposed design is secure and efficient.

Jiyuan Zhou,Tian Wang,Md. Zakirul Alam Bhuiyan,Anfeng Liu

DOI: https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.90

2017-01-01

Abstract:Since the cloud computing technology was proposed, it has developed rapidly. Cloud computing demonstrated that it was a major driver of change in the IT industry and there are a lot of cloud-based technologies deriving from cloud computing. With the Cloud computing development and global growth of data, cloud storage technology gets more attention and better development and attracts a large number of users. Users depend on the powerful storage capacity of cloud storage. However, in this storage schema, users' data is all stored in cloud servers. In other word, users lose their right of control on data and face privacy leakage risk. Traditional privacy protection schemes are usually based on encryption technology, but these kinds of methods cannot effectively resist attack from the inside of cloud server. Once the password gets compromised, users' data will be exposed to public. In order to solve this problem, we propose a hierarchic storage method based on fog computing model and design a Hash-Solomon code algorithm. We put a small part of data in local machine and fog server, which can take full advantage of cloud storage and protect the privacy of data. Through the theoretical safety analysis and experimental evaluation, the feasibility of our scheme is validated, which is really a powerful supplement to existing cloud storage scheme.

Jin Sun,Xiaojing Wang,Shangping Wang,Lili Ren

DOI: https://doi.org/10.1371/journal.pone.0207543

IF: 3.7

2018-11-29

PLoS ONE

Abstract:Fog computing can extend cloud computing to the edge of the network so as to reduce latency and network congestion. However, existing encryption schemes were rarely used in fog environment, resulting in high computational and storage overhead. Aiming at the demands of local information for terminal device and the shortcomings of cloud computing framework in supporting mobile applications, by taking the hospital scene as an example, a searchable personal health records framework with fine-grained access control in cloud-fog computing is proposed. The proposed framework combines the attribute-based encryption (ABE) technology and search encryption (SE) technology to implement keyword search function and fine-grained access control ability. When keyword index and trapdoor match are successful, the cloud server provider only returns relevant search results to the user, thus achieving a more accurate search. At the same time, the scheme is multi-authority, and the key leakage problem is solved by dividing the user secret key distribution task. Moreover, in the proposed scheme, we securely outsource part of the encryption and decryption operations to the fog node. It is effective both in local resources and in resource-constrained mobile devices. Based on the decisional q-parallel bilinear Diffie-Hellman exponent (q-DBDHE) assumption and decisional bilinear Diffie-Hellman (DBDH) assumption, our scheme is proven to be secure. Simulation experiments show that our scheme is efficient in the cloud-fog environment.

Tian Wang,Jiyuan Zhou,Minzhe Huang,Zakirul Alam Bhuiyan,Anfeng Liu,Wenzheng Xu,Mande Xie

DOI: https://doi.org/10.1016/j.future.2017.12.036

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:The recent emergence of cloud computing has drastically influenced everyone’s perception of infrastructure architectures, data transmission and other aspects. With the advent of both mobile networks and cloud computing, the computationally-intensive services are moving to the cloud, and the end user’s mobile device is used as an interface to access these services. However, cyber threats are also becoming various and sophisticated, which will endanger the security of users’ private data. In traditional service mode, users’ data is totally stored in the cloud, they lose the right of control on their data and face cyber threats such as data loss and malicious modification. To this end, we propose a novel cloud storage scheme based on fog computing. In our scheme, user’s private data is separately stored in the cloud and fog servers. By this way, the integrity, availability and confidentiality of user’s data can be ensured because the data is retrieved from cloud as well as fog, which is safer. We implement a system prototype and design a series of mechanisms. Extensive experiments results also validate the proposed scheme and methods.

Ke Gu,XingQiang Wang,Xiong Li

DOI: https://doi.org/10.1109/tsusc.2024.3362074

2024-01-01

IEEE Transactions on Sustainable Computing

Abstract:The security of fog computing has been researched and concerned with its development, where malicious attacks pose a greater threat to distributed data storage based on fog computing. Also, the rapid increasing on the number of terminal devices has raised the importance of fog computing-based distributed data storage. In response to this demand, it is essential to establish a secure and privacy-preserving distributed data auditing method that enables security protection of stored data and effective control over identities of auditors. In this paper, we propose a dynamic outsourced data audit scheme for Merkle hash grid-based fog storage with privacy-preserving, where fog servers are used to undertake partial outsourced computation and data storage. Our scheme can provide the function of privacy-preserving for outsourced data by blinding original stored data, and supports data owners to define their auditing access policies by the linear secret-sharing scheme to control the identities of auditors. Further, the construction of Merkle hash grid is used to improve the efficiency of dynamic data operations. Also, a server locating approach is proposed to enable the third-part auditor to identify specific malicious data fog servers within distributed data storage. Under the proposed security model, the security of our scheme can be proved, which can further provide collusion resistance and privacy-preserving for outsourced data. Additionally, both theoretical and experimental evaluations illustrate the efficiency of our proposed scheme.

Jiafu Jiang,Linyu Tang,Ke Gu,WeiJia Jia

DOI: https://doi.org/10.1093/comjnl/bxz108

2020-01-01

The Computer Journal

Abstract:Fog computing has become an emerging environment that provides data storage, computing and some other services on the edge of network. It not only can acquire data from terminal devices, but also can provide computing services to users by opening computing resources. Compared with cloud computing, fog devices can collaborate to provide users with powerful computing services through resource allocation. However, as many of fog devices are not monitored, there are some security problems. For example, since fog server processes and maintains user information, device information, task parameters and so on, fog server is easy to perform illegal resource allocation for extra benefits. In this paper, we propose a secure computing resource allocation framework for open fog computing. In our scheme, the fog server is responsible for processing computing requests and resource allocations, and the cloud audit center is responsible for auditing the behaviors of the fog servers and fog nodes. Based on the proposed security framework, our proposed scheme can resist the attack of single malicious node and the collusion attack of fog server and computing devices. Furthermore, the experiments show our proposed scheme is efficient. For example, when the number of initial idle service devices is 40, the rejection rate of allocated tasks is 10% and the total number of sub-tasks is changed from 150 to 200, the total allocation time of our scheme is only changed from 15 ms to 25 ms; additionally, when the task of 5000 order matrix multiplication is tested on 10 service devices, the total computing time of our scheme is $\sim$250 s, which is better than that of single computer (where single computer needs more than 1500 s). Therefore, our proposed scheme has obvious advantages when it faces some tasks that require more computational cost, such as complex scientific computing, distributed massive data query, distributed image processing and so on.

Mohammad Wazid,Ashok Kumar Das,Neeraj Kumar,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.future.2018.09.017

IF: 7.307

2019-02-01

Future Generation Computer Systems

Abstract:Fog computing (fog networking) is known as a decentralized computing infrastructure in which data, applications, compute as well as data storage are scattered in the most logical and efficient place among the data source (i.e., smart devices) and the cloud. It gives better services than cloud computing because it has better performance with reasonably low cost. Since the cloud computing has security and privacy issues, and fog computing is an extension of cloud computing, it is therefore obvious that fog computing will inherit those security and privacy issues from cloud computing. In this paper, we design a new secure key management and user authentication scheme for fog computing environment, called SAKA-FC. SAKA-FC is efficient as it only uses the lightweight operations, such as one-way cryptographic hash function and bitwise exclusive-OR (XOR), for the smart devices as they are resource-constrained in nature. SAKA-FC is shown to be secure with the help of the formal security analysis using the broadly accepted Real-Or-Random (ROR) model, the formal security verification using the widely-used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and also the informal security analysis. In addition, SAKA-FC is implemented for practical demonstration using the widely-used NS2 simulator.

Gulshan Kumar,Rahul Saha,Mritunjay Kumar Rai,Reji Thomas,G. Geetha,Tai-Hoon Kim,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1109/jiot.2020.2991105

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Interconnection and intercommunication between people, processes, and things have been enhanced with the development of the Internet of Things (IoT) and extended with fog computing for better efficiency. Fog computing improves the network services and circumvents the problem of escalated data management as an interface between cloud and terminal with the requirement of secure data transmission. In this article, a novel security framework is designed for fog computing intended for improving the security of IoT. This framework uses single point of aggregation from fog interface and lattice cryptographic approach to establish the security for the services. Azure cloud platform and Sage lattice cryptographic base have been employed to evaluate the performance of the framework. It is noticed that the Level 1-Level 2 (L1-L2) cache implementation in the system significantly improves the efficiency of the framework. The results show that the proposed framework is robust in preventing attacks on fog nodes and additionally provides an advantage for low communication overhead.

Ping Yu,Wei Ni,Hua Zhang,Ren Ping Liu,Qiaoyan Wen,Wenmin Li,Fei Gao

DOI: https://doi.org/10.1093/comjnl/bxab031

2021-01-01

The Computer Journal

Abstract:The ability of Fog computing to admit and process huge volumes of heterogeneous data is the catalyst for the fast expansion of Internet of things (IoT). The critical challenge is secure and differentiated access to the data, given limited computation capability and trustworthiness in typical IoT devices and Fog servers, respectively. This paper designs and develops a new approach for secure, efficient and differentiated data access. Secret sharing is decoupled to allow the Fog servers to assist the IoT devices with attribute-based encryption of data while preventing the Fog servers from tampering with the data and the access structure. The proposed encryption supports direct revocation and can be decoupled among multiple Fog servers for acceleration. Based on the decisional $q$-parallel bilinear Diffie–Hellman exponent assumption, we propose a new extended $q$-parallel bilinear Diffie–Hellman exponent (E$q$-PBDHE) assumption and prove that the proposed approach provides ‘indistinguishably chosen-plaintext attacks secure’ data access for legitimate data subscribers. As numerically and experimentally verified, the proposed approach is able to reduce the encryption time by 20% at the IoT devices and by 50% at the Fog network using parallel computing as compared to the state of the art .

Cheng Huang,Dongxiao Liu,Jianbing Ni,Rongxing Lu,Xuemin Shen

DOI: https://doi.org/10.1109/ICC.2018.8422445

2018-01-01

Abstract:Internet of Things (IoT) is reshaping our daily lives by bridging the gaps between physical and digital world. To enable ubiquitous sensing, seamless connection and real-time processing for IoT applications, fog computing is considered as a key component in a heterogeneous IoT architecture, which deploys storage and computing resources to network edges. However, the fog-based IoT architecture can lead to various security and privacy risks, such as compromised fog nodes that may impede developments of IoT by attacking the data collection and gathering period. In this paper, we propose a novel privacy-preserving and reliable scheme for the fog-based IoT to address the data privacy and reliability challenges of the selective data aggregation service. Specifically, homomorphic proxy re-encryption and proxy re-authenticator techniques are respectively utilized to deal with the data privacy and reliability issues of the service, which supports data aggregation over selective data types for any type-driven applications. We define a new threat model to formalize the non-collusive and collusive attacks of compromised fog nodes, and it is demonstrated that the proposed scheme can prevent both non-collusive and collusive attacks in our model. In addition, performance evaluations show the efficiency of the scheme in terms of computational costs and communication overheads.

Shuqing He,Bo Cheng,Haifeng Wang,Xuelian Xiao,Yunpeng Cao,Junliang Chen

DOI: https://doi.org/10.1109/infcomw.2018.8406927

2018-04-01

Abstract:With the scale of big data increasing in large-scale IoT application, fog computing is a recent computing paradigm that is extending cloud computing towards the edge of network in the field. There are a large number of storage resources placed on the edge of the network to form a geographical distributed storage system in fog computing system (FCS). It is used to store the big data collected by the fog computing nodes and to reduce the management costs for moving big data to the cloud. However, the storage of fog nodes at the edge of the network faces a direct attack of external threats. In order to improve the security of the storage of fog nodes in FCS, in this paper, we proposed a data security storage model for fog computing (FCDSSM) to realize the integration of storage and security management in large-scale IoT application. We designed a detail of the FCDSSM system architecture, gave a design of the multi-level trusted domain, cooperative working mechanism, data synchronization and key management strategy for the FCDSSM. Experimental results show that the loss of computing and communication performance caused by data security storage in the FCDSSM is within the acceptable range, and the FCDSSM has good scalability. It can be adapted to big data security storage in large-scale IoT application.

Yijian Lin,Xiaoming Wang,Qingqing Gan,Mengting Yao

DOI: https://doi.org/10.1016/j.jisa.2021.103022

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Nowadays, fog computing has become an emerging hot-topic for possessing the same advantages as cloud computing and the lower latency. Nevertheless, there are still many issues in fog computing that worth studying, the most importantly of which are key agreement and user authentication. In order to achieve secure communication among different entities, designing a secure key agreement and user authentication scheme becomes an urgent issue. Although many schemes have been investigated the key agreement and user authentication for cloud computing, these schemes cannot be directly applied to the fog computing due to efficiency and cost. To tackle this problem, we propose a secure and efficient key agreement and user authentication scheme for fog computing. Our scheme can establish secure sessions among different entities, and users can achieve cross-domain access to other fog server. Most importantly, Our scheme satisfies the perfect forward security and the complete anonymity. We prove that our scheme is secure in the random oracle model, and achieve formal security verification through the AVISPA tool. Finally, the performance analysis demonstrates that our scheme tends to be more efficient in comparison with similar schemes.

Keke Gai,Liehuang Zhu,Meikang Qiu,Kai Xu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tcc.2019.2942293

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:The interest in fog computing is growing, including in traditionally conservative and sensitive areas such as military and governments. This is partly driven by the interconnectivity of our society, and advances in technologies such as Internet-of-Things (IoT). However, protecting against privacy leakage is one of several key considerations in fog computing deployment. Therefore, in this paper, we present a privacy-preserving multi-layer access filtering model, designed for a fog computing environment; hence, coined fog-based access filter (FAF). FAF comprises three key algorithms, namely: access filter initialization algorithm, optimal privacy-energy-time algorithm, and tuple reduction algorithm. Also, a hierarchical classification is used to distinguish the protection objectives. Findings from our experimental evaluation demonstrate that FAF allows one to achieve an optimal balance between privacy protection and computational costs.

Yongkai Fan,Guanqun Zhao,Xiaofeng Sun,Jinghan Wang,Xia Lei,Fanglue Xia

DOI: https://doi.org/10.1145/3338507.3358621

2019-01-01

Abstract:As an extension of cloud computing, fog computing environment as well as fog node plays an increasingly important role in internet of things (IoT). This technology provides IoT with more distributed and efficient applications and services. However, IoT nodes have so much variety and perform poorly, which leads to more security issues. For this situation, we initially design a security scheme for the IoT fog environment. Based on the combination of Blockchain and Trusted Execution Environment (TEE) technologies, the security of data storage and transmission from fog nodes to the cloud are ensured, thus ensuring the trustworthiness of the data source in the fog environment.

Ke Gu,Wenbin Zhang,Xiong Li,Weijia Jia

DOI: https://doi.org/10.1109/tnsm.2021.3123475

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:Presently many searchable encryption schemes have been proposed for cloud and fog computing, which use fog nodes (or fog servers) to partly undertake some computational tasks. However, these related schemes still retain cloud servers to undertake most computational tasks, which result in large communication costs between edge devices and cloud servers. Therefore, in this paper we propose a self-verifiable attribute-based keyword search scheme for distributed data storage (SV-KSDS) in full fog computing, where each decryption operation on the data required by a user must meet the negotiated decryption rule between fog servers. Our SV-KSDS scheme first provides attribute-based distributed data storage among fog servers through the (w, sigma) threshold secret-sharing scheme, where fog servers can provide self-verifiable keyword search and data decryption for terminal users. Compared with the data storage in cloud computing, our scheme extends it to the distributed structure while providing fine-grained access control for distributed data storage through attribute-based encryption. The access control policy of our scheme is constructed on linear secret-sharing scheme, whose security is reduced to the decisional bilinear Diffie-Hellman assumption against chosen-keyword attack and the decisional q-parallel bilinear Diffie-Hellman assumption against chosen-plaintext attack in the standard model. Based on theoretical analysis and practical testing, our SV-KSDS scheme generates less computation and communication costs, which further unloads some computational tasks from terminal users to fog servers so as to reduce computing costs of terminal users.

Zhi Li,Yanzhu Liu,Di Liu,Chunyang Li,Wei Cui,Guanglin Hu

DOI: https://doi.org/10.1109/CC.2018.8543057

2018-01-01

China Communications

Abstract:Fog computing is a new paradigm supporting the stringent requirements of mobility applications by bridging cloud computing and smart devices. Since the smart devices may be deployed in dynamic areas where are out of strict monitoring and protection, fog computing requires security protections to ensure confidentiality and integrity. In this article, to deal with security requirements and considering the distinctive features, a key management based on hypergraph schemed is designed. Firstly, based on the key hypergraph, the three hierarchy architecture of fog computing is divided into two subnetworks. Furthermore, each key management process of both two subnetworks is designed to satisfy the operational and security requirements of fog computing. Finally, the performance evaluation and numerical simulation have been provided to validate the proposed scheme.

Xiaodong Shen,Liehuang Zhu,Chang Xu,Kashif Sharif,Rongxing Lu

DOI: https://doi.org/10.1016/j.ins.2019.12.007

IF: 8.1

2020-01-01

Information Sciences

Abstract:Fog computing has garnered significant attention in recent years, since it can bridge the cloud and terminal devices and provide low latency, location awareness, and geo-distribution at the edge of the network. Data aggregation is a prime candidate for fog computing applications. However, most previous works about data aggregation do not focus on the fog computing. In addition, existing secure data aggregation schemes in fog computing usually do not support dynamic groups and arbitrary aggregation functions. In this paper, we construct concrete data encryption, data aggregation and data decryption algorithms, and further propose a privacy-preserving and collusion-resistant data aggregation scheme for dynamic groups in fog computing. Specifically, in the proposed protocol, the cloud server can periodically collect raw data and compute arbitrary aggregation functions on them. Even if some malicious terminal devices collude with the fog device or the cloud server, the honest terminal devices’ privacy cannot be breached. The fog device can filter out false data and aggregate all terminal devices’ ciphertexts to save the bandwidth. Besides, dynamic join and exit of terminal devices is achieved. Detailed security analysis shows that our scheme holds k-source anonymity. Our scheme is also demonstrated to be efficient via extensive experiments.

Yandong Zheng,Hui Zhu,Rongxing Lu,Songnian Zhang,Yunguo Guan,Fengwei Wang,Jun Shao,Hui Li

DOI: https://doi.org/10.1109/tifs.2024.3413630

IF: 7.231

2024-06-22

IEEE Transactions on Information Forensics and Security

Abstract:Outsourcing big data to cloud servers has gained prominence, and growing concerns about privacy, alongside privacy-related regulations, underscore the need to encrypt data before sending them to the cloud. Nevertheless, encryption significantly hampers the query capabilities of data, particularly in the case of vertically distributed data. This paper focuses on developing secure and efficient similarity query schemes for vertically distributed data in cloud environments. As is known, current solutions are constrained by limitations in query efficiency, approximate query results, and their ability to support vertical data. To address these issues, we introduce two novel schemes: a Fast Similarity Query Scheme (FSQ) and a Non-interactive Similarity Query Scheme (NoSQ) for outsourced distributed data. In the FSQ scheme, we enhance query efficiency by designing a trusted execution environment (TEE) assisted fast secret sharing (FSS) scheme and a series of FSS-based private algorithms, enabling secure data index construction and fast similarity query processing. For the NoSQ scheme, we eliminate communication overheads by designing a TEE assisted non-interactive secret sharing (NoSS) scheme and a series of NoSS-based private algorithms. Both schemes have undergone rigorous security validation using a simulation-based real/ideal worlds model, and their efficiency has been confirmed through comprehensive experiments.

computer science, theory & methods,engineering, electrical & electronic

Jiajun Yan,Xiaoming Wang,Qingqing Gan,Suyu Li,Daxin Huang

DOI: https://doi.org/10.1007/s00500-019-04215-9

IF: 3.732

2019-01-01

Soft Computing

Abstract:With the rapid development of the Internet of Things, the massive amount of big data generated by the Internet of Things terminals and the real-time processing requirements have brought enormous challenges. A two-tier computing model consisting solely of two entities, cloud and user, will not be sufficient to support processing large numbers of concurrent data requests. Therefore, fog computing was proposed. How to realize the secure and efficient deduplication of ciphertext in fog computing has become a new research topic. In this paper, we firstly present a new decentralized deduplication structure and then show how to apply it to construct a secure and efficient big data deduplication scheme in fog computing. The cloud server, in the proposed paper, can quickly determine which fog server needs to be traversed to search duplicate data, and instead of traversing all fog servers. This significantly improves the efficiency of big data deduplication in fog computing. Furthermore, the proposed scheme allows fog server to verify whether the user possesses the ownership of the data. Performance analysis and experimental results show the proposed scheme has less overheads than existing schemes.